Azure AD user creation

Question

Azure AD user creation

Prince Varghese 1

how to create a Azure AD user account programatically using .net core from a web application register ?
is it possible to create and assign privilages to that new users?

1 answer

Your answer

Answer 1

AmanpreetSingh-MSFT 56,951 Moderator

Hi @Prince Varghese • Thank you for reaching out.

I understood that you want to create Azure AD users using .net core via web application registered in Azure AD. For this purpose:

First you need to acquire an access token so that you can use Graph API to perform the below actions on your behalf by passing the Access Token as a bearer for the calls. You can refer to this sample: https://github.com/microsoftgraph/microsoft-graph-docs/blob/main/concepts/auth-v2-user.md

To create a user account, use below code:

GraphServiceClient graphClient = new GraphServiceClient( authProvider );  

var user = new User  
{  
    AccountEnabled = true,  
    DisplayName = "Adele Vance",  
    MailNickname = "AdeleV",  
    UserPrincipalName = "******@contoso.onmicrosoft.com",  
    PasswordProfile = new PasswordProfile  
    {  
        ForceChangePasswordNextSignIn = true,  
        Password = "xWwvJ]6NMw+bWH-d"  
    }  
};  

await graphClient.Users  
    .Request()  
    .AddAsync(user);

To assign directory role to the user, use below code:

GraphServiceClient graphClient = new GraphServiceClient( authProvider );  

    var directoryObject = new DirectoryObject  
    {  
        Id = "15c1a2d5-9101-44b2-83ab-885db8a647ca"  
    };  

    await graphClient.DirectoryRoles["{directoryRole-id}"].Members.References  
        .Request()  
        .AddAsync(directoryObject);

To get ID of the directory roles, you can use GET https://graph.microsoft.com/v1.0/directoryRoles call.

Read more:

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Prince Varghese 1 Reputation point

2022-02-17T11:34:53.16+00:00

how to get that Authorization Code of Azure AD
AmanpreetSingh-MSFT 56,951 Reputation points Moderator

2022-02-17T12:44:19.483+00:00
@Prince Varghese · Please check the Authorization request section in the GitHub Link that I have shared above. Below is a sample request in which the response_type parameter is used to request for code.

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize? client_id=11111111-1111-1111-1111-111111111111 &response_type=code &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F &response_mode=query &scope=offline_access%20user.read%20mail.read &state=12345

You can also refer to THIS SAMPLE that first uses authorization code flow for token acquisition and then call Graph API as shown in the image below:
JamesTran-MSFT 37,226 Reputation points Microsoft Employee Moderator

2022-02-17T17:55:15.94+00:00

@Prince Varghese
Adding onto @AmanpreetSingh-MSFT 's answer, I found some related Stack Overflow posts that might help point you in the right direction as well.

Create users in ASP.NET Core web app using Active Directory authentication
How to create Azure AD users from within ASP .NET Core?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Muhammad Suleman Afsar - External 1 Reputation point

2022-08-05T02:08:19.917+00:00

@AmanpreetSingh-MSFT Sir!
In the first line where object is creating,it shows error on (authprovider) that passing in Graphclient object,how i can fix it.

Share via

Azure AD user creation

1 answer

Your answer